DEV Community

Alex Yaroslavsky
Alex Yaroslavsky

Posted on

Multiple AWS accounts and CLI

#aws #cli #okta #productivity

After following this guide you will able to easily and seamlessly switch between multiple AWS accounts and roles (with or without Okta) using the CLI.

Prerequisites:

Check out the first article in the series for requirements and initial configuration.

trexinc image

AWS CLI with Okta

Alex Yaroslavsky ・ Jul 13 ・ 2 min read

#aws #cli #okta #productivity

How To:

The following instructions are meant to be used in Linux or WSL, tested with Ubuntu.

Configure non Okta accounts 

aws configure --profile profile
aws configure --profile multi-role-profile

Configure Okta accounts

Create a file ~/.okta-aws with the following contents:

[okta-profile]
username = <username>
factor = OKTA
app-link = https://<your-company>.okta.com/<app-link>
base-url = <your-company>.okta.com
duration = 3600

[okta-multi-role-profile]
username = <username>
factor = OKTA
app-link = https://<your-company>.okta.com/<app-link>
base-url = <your-company>.okta.com
duration = 3600

Initialize the profiles:

okta-awscli --okta-profile okta-profile --profile okta-profile
okta-awscli --okta-profile okta-multi-role-profile --profile okta-multi-role-profile

Configure accounts with multiple roles

Some accounts might use role switching, add similar sections to ~/.aws/credentials per role (notice that source_profile points to a previously defined profile):

[multi-role-profile-role1]
role_arn = <role-arn>
source_profile = multi-role-profile

[okta-multi-role-profile-role1]
role_arn = <role-arn>
source_profile = okta-multi-role-profile

Associate EKS clusters with profiles

Run the following per EKS cluster that you want to have kubectl access to, <profile-name> is a name of the AWS profile defined above that has permissions for this EKS cluster:

aws --profile <profile-name> eks update-kubeconfig --name <eks-cluster-name>

Create scripts for fast account switching

The scripts switch to the relevant AWS account, point kubectl to the relevant cluster, and set a default kubectl namespace.
Create one script file per profile, and place it in your home directory.

File okta-multi-role-profile-role1:

export AWS_DEFAULT_PROFILE=okta-multi-role-profile-role1
kubectl config use-context <eks-cluster-arn>
kubectl config set-context --current --namespace=<namespace>
aws sts get-caller-identity
if [[ $PS1 != *"AWS_DEFAULT_PROFILE"* ]]; then
  PS1=\(\$AWS_DEFAULT_PROFILE\)$PS1
fi
echo "Switched to okta-multi-role-profile-role1"

Switch between accounts

To quickly switch between accounts just do the following:
source <profile-file>

For example:
source okta-multi-role-profile-role1

Top comments (0)

Read next

markadel profile image

Fixing VS Code Go to Definition Issue on Linux Mint

Mark Adel -

alexroor4 profile image

Liquidation is every crypto trader's worst nightmare. But what can be done to avoid it?

Alex Roor -

pruthvikumarbk profile image

I Built a CLI Tool That Tells Me When I'm Over-Engineering (Again) 🤖

Pruthvi Kumar -

hexfloor profile image

More storage for media : organize files using ChatGPT

hexfloor -